EFFECTIVE DATE: June 19, 2019
Does this Policy apply to you?
The Information We Collect About You. We collect information directly from you, from devices and third party services you connect, as well as automatically through your use of our Service.
When You Create, Update, or add information to Your Profile. When you register to use the Service, we collect the personal information you provide us, including your name, email address, password, gender, height, and birthdate. We also collect any additional information you choose to add to your profile, including: weight, body mass index (BMI), whether you are a smoker or non-smoker, medical conditions, information related to medications you are taking, patient ID, and activity levels.
We collect additional information from Devices you connect to your App:
How We Use Your Information
We process your information, including your personal information, for the following purposes:
How We Share Your Information. We may share your information, including personal information, as follows:
Privacy Shield Information For EU and Swiss Individuals
In compliance with the Privacy Shield Principles, AliveCor commits to resolve complaints about your privacy and our collection or use of your personal information pursuant to the Privacy Shield. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact AliveCor at the contact address below.
444 Castro St #600
Mountain View, CA 94041
AliveCor has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
The Federal Trade Commission has jurisdiction with enforcement authority over AliveCor’s compliance with the Privacy Shield.
The Privacy Shield Principles describe AliveCor’s accountability for personal data that it subsequently transfers to a third-party agent. Under the Privacy Shield Principles, AliveCor shall remain liable if third party agents process the personal information in a manner inconsistent with the Privacy Shield Principles, unless AliveCor proves it is not responsible for the event giving rise to the damage.
Note that AliveCor may be required to release the personal data of EU and Swiss individuals pursuant to the Privacy Shield in response to legal requests from public authorities including to meet national security and law enforcement requirements.
Security of My Personal Information
We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Access to, Storage of and Deleting My Personal Information
You may access and modify personal information that you have submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Service for a period of time. Your personal data including EKG data are stored and accessible on your device as well as in the cloud.
We store information associated with your account until your account is deleted. You can delete your account at any time by contacting Customer Support at email@example.com. Please note that it may take a bit of time to delete your account information, and we may preserve it for legal reasons or to prevent harm, including as described in the How Information Is Shared section.
What Choices Do I Have Regarding Promotional and Informational Emails?
We may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. We may still send you emails about your account or any services you have requested or received from us.
Users Under 18
Our services are not designed for users under 18. If we discover that a user under 18 has provided us with personal information, we will delete such information from our systems.
GDPR – Rights For EEA Users and AliveCor’s Capabilities for Worldwide Users
What Rights Do I Have? Individuals located in the European Economic Area (EEA) have certain rights in respect of your personal information. AliveCor will provide the capabilities to exercise these certain rights to all our worldwide users, including:
We rely on your consent as a lawful basis processing personal data for the following purposes:
We process personal data in order to perform our contract with you.
Additionally, we process personal data based on our contractual obligations to provide you the Service as described in the section “How We Use Your Information”, including:
In some cases, AliveCor may process personal information pursuant to a legal obligation or to protect your vital interests or those of another person.
For EEA users only per GDPR requirements, you can turn off local and cloud storage by going to settings and toggling the switch to “off”. If you do turn off this functionality none of your ECG data will be stored either on the cloud or on your device; AliveCor will be unable to retrieve this data and will not send out reports, for example monthly reports under premium services.
Please note that AliveCor may request additional information from you to verify your identity before we disclose any personal or account information.
If you have questions about our privacy practices, please contact us at firstname.lastname@example.org.
444 Castro St #600
Mountain View, CA 94041
If you are an EEA customer and are unable to reach AliveCor at the contact information provided above regarding your issue, you have the right to contact your local Data Protection Authority.
Changes to this Policy
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Service. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change.